{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Versions d'Oracle9i Application Server Portal Release 1 ant\u00e9rieures \u00e0 la version 3.0.9.8.5 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"Versions d'Oracle9i Application Server Portal Release 2 ant\u00e9rieures \u00e0 la version 9.0.2.3.0.","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nOracle9i Application Server Portal est le portail de Oracle9i\napplication server, le serveur d'applications d'Oracle.\n\nUne vuln\u00e9rabilit\u00e9 de type \u00ab injection sql \u00bb permet \u00e0 un utilisateur mal\nintentionn\u00e9, via une url malicieusement construite de r\u00e9cup\u00e9rer de\nl'information prot\u00e9g\u00e9.\n\n## Solution\n\nAppliquer le correctif correspondant \u00e0 votre version (cf section\ndocumentation).\n","cves":[],"links":[],"reference":"CERTA-2003-AVI-192","revisions":[{"description":"version initiale.","revision_date":"2003-11-14T00:00:00.000000"}],"risks":[{"description":"Divulgation d'informations"}],"summary":"Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Oracle9i Application Server Portal\npermet \u00e0 un utilisateur mal intentionn\u00e9 d'acc\u00e9der \u00e0 des informations\nprot\u00e9g\u00e9es.\n","title":"Vuln\u00e9rabilit\u00e9 sur Oracle9i Application Server Portal","vendor_advisories":[{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 61 d'Oracle","url":"http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"}]}